Mercurial > hg > dhcpcd
changeset 5345:f6051f78e441 draft
Try and guard against impossibly large data.
| author | Roy Marples <roy@marples.name> |
|---|---|
| date | Wed, 10 Jun 2020 11:16:14 +0100 |
| parents | 3df49497d40b |
| children | 3ceefc13699e |
| files | src/dhcpcd.c src/privsep-root.c |
| diffstat | 2 files changed, 7 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/dhcpcd.c Wed Jun 10 08:30:28 2020 +0100 +++ b/src/dhcpcd.c Wed Jun 10 11:16:14 2020 +0100 @@ -1686,6 +1686,10 @@ errno = EINVAL; goto err; } + if (ctx->ctl_buflen > SSIZE_MAX) { + errno = ENOBUFS; + goto err; + } free(ctx->ctl_buf); ctx->ctl_buf = malloc(ctx->ctl_buflen);
--- a/src/privsep-root.c Wed Jun 10 08:30:28 2020 +0100 +++ b/src/privsep-root.c Wed Jun 10 11:16:14 2020 +0100 @@ -151,10 +151,10 @@ PSR_ERROR(errno); else if ((size_t)len < sizeof(*psr_error)) PSR_ERROR(EINVAL); - else if (psr_error->psr_datalen > SSIZE_MAX) + + if (psr_error->psr_datalen > SSIZE_MAX) PSR_ERROR(ENOBUFS); - - if (psr_error->psr_datalen != 0) { + else if (psr_error->psr_datalen != 0) { psr_ctx->psr_data = malloc(psr_error->psr_datalen); if (psr_ctx->psr_data == NULL) PSR_ERROR(errno);
